Wardengate Guide

Platform architecture

Wardengate is a layered control plane: identities authenticate once, every privileged session terminates at the gateway, and evidence is captured before traffic reaches targets.

Gateway-first by design

Traditional PAM stacks scatter enforcement across agents, vault checkouts, and network ACLs. Wardengate centralizes brokering, MFA, recording, and audit at a single choke point. Operators never receive direct network reachability to production — they receive session grants bound to identity, policy version, and time window.

Five layers, one policy engine

The access layer connects your IdP and client tools. The gateway layer brokers protocols and applies step-up MFA plus inline recording. The control plane schedules approvals, JIT windows, and connector health. The data layer persists session metadata, recordings, and signed audit bundles. Targets remain unchanged — SSH daemons, RDP hosts, databases, and Kubernetes APIs see brokered connections, not standing operator credentials.

Core components

The API and scheduler coordinate organizations, assets, and grants. Protocol connectors terminate SSH, RDP, database, and Kubernetes sessions. The policy engine evaluates identity attributes, group membership, device posture, and risk signals at connect time. The recording pipeline captures keystrokes, screen, and file events inline. Object storage holds playback artifacts; PostgreSQL holds structured metadata for search, SIEM export, and auditor review.
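The two ideas above that carry the security weight are the session grant (bound to identity, policy version, and time window) and the connect-time policy evaluation that runs before any recording or brokering starts. The following is an added illustration, not Wardengate's code or API: it models a fail-closed grant check with each deny naming one reason, a step-up MFA outcome for elevated risk, and an HMAC-signed audit line emitted before traffic would reach the target. The dataclass fields, the policy version string, the risk threshold, the signing key and the sample grant are all constructed for the example.

```python
"""Connect-time evaluation of a JIT session grant (illustrative, not Wardengate code)."""
from dataclasses import dataclass, replace
from datetime import datetime, timedelta, timezone
import hashlib
import hmac
import json

# Constructed values; a real deployment reads these from its policy store and KMS.
CURRENT_POLICY_VERSION = "policy-v7"
AUDIT_SIGNING_KEY = b"example-audit-key-not-for-production"
STEP_UP_RISK_THRESHOLD = 50


@dataclass(frozen=True)
class SessionGrant:
    """The only thing an operator holds: identity, target, the policy revision the
    approval was made under, and a validity window. No credentials are inside it."""
    grant_id: str
    subject: str
    target: str
    protocol: str
    required_group: str
    policy_version: str
    not_before: datetime
    not_after: datetime


@dataclass(frozen=True)
class ConnectRequest:
    """What the gateway knows about a connection attempt when it arrives."""
    subject: str
    target: str
    protocol: str
    groups: frozenset
    device_compliant: bool
    risk_score: int
    mfa_verified: bool
    at: datetime


@dataclass(frozen=True)
class Decision:
    allow: bool
    reason: str
    step_up_required: bool = False


def evaluate(grant, req, policy_version=CURRENT_POLICY_VERSION):
    """Fail-closed: every check must pass, and each deny states exactly one reason."""
    if req.subject != grant.subject:
        return Decision(False, "grant is bound to a different identity")
    if (req.target, req.protocol) != (grant.target, grant.protocol):
        return Decision(False, "grant does not cover this target/protocol")
    if not (grant.not_before <= req.at < grant.not_after):
        return Decision(False, "outside the grant's time window")
    if grant.policy_version != policy_version:
        # A policy change after approval invalidates the grant rather than being ignored.
        return Decision(False, "grant approved under a superseded policy version")
    if grant.required_group not in req.groups:
        return Decision(False, "subject no longer in required group")
    if not req.device_compliant:
        return Decision(False, "device posture check failed")
    if req.risk_score >= STEP_UP_RISK_THRESHOLD and not req.mfa_verified:
        return Decision(False, "step-up MFA required for elevated risk", step_up_required=True)
    return Decision(True, "allow")


def _canonical(body):
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def audit_record(grant, req, decision, key=AUDIT_SIGNING_KEY):
    """One signed audit line per decision, written before any traffic is brokered."""
    body = {
        "grant_id": grant.grant_id, "subject": req.subject, "target": req.target,
        "protocol": req.protocol, "policy_version": grant.policy_version,
        "at": req.at.isoformat(), "allow": decision.allow, "reason": decision.reason,
    }
    return {"record": body, "hmac_sha256": hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()}


def verify_audit_record(entry, key=AUDIT_SIGNING_KEY):
    """Lets an auditor detect edits to exported records."""
    expected = hmac.new(key, _canonical(entry["record"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, entry["hmac_sha256"])


# Constructed sample: a two-hour SSH grant for one operator, used 15 minutes in.
T0 = datetime(2024, 5, 6, 12, 0, tzinfo=timezone.utc)
SAMPLE_GRANT = SessionGrant("grant-0001", "alice@example.com", "db-prod-01", "ssh",
                            "prod-dba", "policy-v7", T0, T0 + timedelta(hours=2))
SAMPLE_REQUEST = ConnectRequest("alice@example.com", "db-prod-01", "ssh",
                                frozenset({"prod-dba", "engineering"}), True, 10, True,
                                T0 + timedelta(minutes=15))

if __name__ == "__main__":
    decision = evaluate(SAMPLE_GRANT, SAMPLE_REQUEST)
    print(json.dumps(audit_record(SAMPLE_GRANT, SAMPLE_REQUEST, decision), indent=2))
```

The ordering of checks is deliberate: identity and target binding come first so a grant presented by the wrong subject is rejected before any posture or risk signal is consulted, and the policy-version pin means a tightened policy takes effect on the next connect rather than at the next approval.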

Scaling and resilience

Start with a single control plane and one gateway connector for a pilot estate. Scale horizontally by adding gateway nodes behind a load balancer — sessions are stateful at the connector but policy and audit remain centralized. Active/standby and multi-region patterns place connectors close to targets while keeping one authoritative policy store. See the deployment models guide for scenario-specific topologies.
